Cisco Adaptive Security Appliance failover denial of service
cisco-asa-failover-dos (23160)
Description:
Cisco Adaptive Security Appliance is vulnerable to a denial of service attack caused by a vulnerability in the failover testing algorithm and the lack of authentication for failover messages. A remote attacker on the local network could send a spoofed ARP request during a failover so that neither device becomes operational, resulting in a denial of service.
Consequences:
Denial of Service
Remedy:
No remedy available as of September 4, 2010.
References:
- BugTraq Mailing List, Sun Nov 13 2005 - 23:19:07 CST: CISCO ASA Failover DoS Vulnerability.
- Cisco Adaptive Security Appliance Web site: Cisco ASA 5500 Series Adaptive Security Appliances - Products & Services - Cisco Systems.
- BID-15407: Cisco Adaptive Security Appliance Failover Testing Denial of Service Weakness
- CVE-2005-3788: Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka failover denial of service.
- SA17550: Cisco ASA Failover Denial of Service Weakness
- SECTRACK ID: 1015205: Cisco Adaptive Security Appliance Failover Bug Lets Remote Users Deny Service in Certain Conditions
Platforms Affected:
- Cisco Adaptive Security Appliance 7.0(0)
- Cisco Adaptive Security Appliance 7.0(2)
- Cisco Adaptive Security Appliance 7.0(4)
Reported:
Nov 13, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
